"In early January 2026, some Ledger customers were notified that personal and order information related to Ledger.com purchases had been accessed during a security incident involving Global-e, a third-party e-commerce partner that acts as the "merchant of record" for certain orders. Ledger stressed that its own hardware and software systems were not breached. However, the exposed purchase data was enough to spark a familiar second act: highly targeted phishing attempts that appear legitimate because they reference real-world details."
"A breach at a commerce partner can expose customer order data even if wallet systems remain secure. Real order context, such as product, price and contact or shipping details, can make phishing attempts appear legitimate and harder to detect. Treat inbound "support" messages as untrusted until they are verified through official Ledger resources."
Global-e, a third-party e-commerce merchant of record for certain Ledger.com purchases, experienced unauthorized access to systems holding customer and order information. The exposed data included order-related fields such as contact and shipping identifiers tied to Ledger purchases. Ledger's own hardware and wallet systems were not breached, but the leaked purchase context enabled sophisticated phishing that referenced real products, prices, and shipping details. Such real-world order details make impersonation attempts far more convincing and harder to detect. Customers should treat inbound support messages as untrusted until verified through official Ledger resources and follow established scam-advisory verification steps.
Read at Cointelegraph
Unable to calculate read time
Collection
[
|
...
]